CVE-2011-2999

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0,and SeaMonkey before 2.3 do not properly handle "location" as the name of aframe, which allows remote attackers to bypass the Same Origin Policy via acrafted web site, a different vulnerability than CVE-2010-0170.